Sanare: Pluggable Intrusion Recovery for Web Applications
Autor: | Miguel Correia, Miguel L. Pardal, David R. Matos |
---|---|
Rok vydání: | 2021 |
Předmět: |
Scheme (programming language)
File system Source code Computer science business.industry media_common.quotation_subject Cloud computing computer.software_genre Computer security Web application State (computer science) Web service Precision and recall business computer computer.programming_language media_common |
DOI: | 10.36227/techrxiv.13725991.v1 |
Popis: | Web applications are exposed to many threats and, despite the best defensive efforts, are often successfully attacked. Reverting the effects of an attack on the state of such an application requires a profound knowledge about the application, to understand what data did the attack corrupt. Furthermore, it requires knowing what steps are needed to revert the effects without modifying legitimate data created by legitimate users. Existing intrusion recovery systems are capable of reverting the effects of the attack but they require modifications to the source code of the application, which may be unpractical. We present Sanare, a pluggable intrusion recovery system designed for web applications that use different data storage systems to keep their state. Sanare does not require any modification to the source code of the application or the web server. Instead, it uses Matchare, a new deep learning scheme we introduce to learn the matches between the HTTP requests and the database statements, file system operations and web services requests that the HTTP requests caused. We evaluated Sanare with three open source web applications: WordPress, GitLab and ownCloud. In our experiments Matchare achieved precision and recall higher than 97.5%. |
Databáze: | OpenAIRE |
Externí odkaz: |
načítá se...